3.13.0

Changes

• Improve performance of the additional_queries feature by moving additional query results into a separate table in the MySQL database. Please note that the /api/v1/fleet/hosts API endpoint now return only the requested additional columns. Checkout the Fleet REST API documentation to see the changes to the hosts API endpoint here.

• Fix a bug in which running a live query in the Fleet UI would return no results and the query would seem "hung" on a small number of devices.

• Improve viewing live query errors in the Fleet UI by including the “Errors” table in the full screen view.

• Improve fleetctl preview experience by adding the fleetctl preview reset and fleetctl preview stop commands to reset and stop simulated hosts running in Docker.

• Add several improvements to the Fleet UI including additional contrast on checkboxes and dropdown pills.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.13.0/docs/README.md

Binary Checksum

SHA256

bf45ce36d8885ceb2d061d0ee268ebe0b095722f8e211c523676907d2b9920cb  fleet.zip
4dbe9e44b04846a5cda3621e81a52f8ae85edea65eebc962937d430416c9756a  fleetctl.exe.zip
a23a0ae87961638614eb7b08fbed4b9aa5db3cb926481f78e9d3227f7e1fc717  fleetctl-macos.tar.gz
1db2aa985a3ec0f65ccd88b2ab6e8fdc9607f27adb87b22d268e604841601763  fleetctl-windows.tar.gz
1714f8bd93accf2d632fbd222fa7c9ebc02b4f487c7accc231f895503191ada5  fleetctl-linux.tar.gz

3.12.0

Changes

• Add scheduled queries to the Host details page. Surface the "Name", "Description", "Frequency", and "Last run" information for each query in a pack that apply to a specific host.

• Improve the freshness of host vitals by adding the ability to "refetch" the data on the Host details page.

• Add ability to copy log fields into Google Cloud Pub/Sub attributes. This allows users to use these values for subscription filters.

• Add ability to duplicate live query results in Redis. When the redis_duplicate_results configuration option is set to true, all live query results will be copied to an additional Redis Pub/Sub channel named LQDuplicate.

• Add ability to controls the server-side HTTP keepalive property. Turning off keepalives has helped reduce outstanding TCP connections in some deployments.

• Fix an issue on the Packs page in which Fleet would incorrectly handle the configured server_url_prefix.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.12.0/docs/README.md

Binary Checksum

SHA256

d444840cb2560a689512482e1602f27eefafa041fdaad9a2e56c792aa2d636c1  fleet.zip
d45b95b7cde221792dd2493ba56be70aa9269eda016147a904ba7f9ebe898677  fleetctl.exe.zip
bc3b2487d0f9e55d1bfd2726d61f3b8ed6c16fe8b3fe1d05cca7f693d8631e18  fleetctl-macos.tar.gz
5dc5d900b0ac4cc45ee66177894595686098aeac00f292545482dc7077b49381  fleetctl-windows.tar.gz
e2bb6f97c6758bba0e4f314d7da7067c5f54617d406bcd5ee82bc78c4961a4d9  fleetctl-linux.tar.gz

3.11.0

Changes

• Improve Fleet performance by batch updating host seen time instead of updating synchronously. This improvement reduces MySQL CPU usage by ~33% with 4,000 simulated hosts and MySQL running in Docker.

• Add support for software inventory, introducing a list of installed software items on each host's respective Host details page. This feature is flagged off by default (for now). Check out the feature flag documentation for instructions on how to turn this feature on.

• Add Windows support for fleetctl agent autoupdates. The fleetctl updates command provides the ability to self-manage an agent update server. Available for Fleet Basic customers.

• Make running common queries more convenient by adding the ability to select a saved query directly from a host's respective Host details page.

• Fix an issue on the Query page in which Fleet would override the CMD + L browser hotkey.

• Fix an issue in which a host would display an unreasonable time in the "Last fetched" column.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.11.0/docs/README.md

Binary Checksum

SHA256

b0dc06c137cce0386b8fabde34da3ad63321991edbaca252e986bfae8fc53d9a  fleet.zip
05b212fe4bee3e4a4b2374ec930d21c22d68708b95c89988e094f4852f43c0d6  fleetctl.exe.zip
be79e12ba2cd2a7b7bb4e0485662cb0b87fd0ed5a32e6dc779b0e2672d993433  fleetctl-macos.tar.gz
ff5da49fa62c3e4d6131da3e0ae02af22f51122fda1446e020dcf0b3198ee520  fleetctl-windows.tar.gz
6d56cb93de747eb91916b85d857bbeebaea6fe7c2b50d04a7104267358a18102  fleetctl-linux.tar.gz

3.10.1

Changes

• Fix a frontend bug that prevented the "Pack" page and "Edit pack" page from rendering in the Fleet UI. This issue occurred when the platform key, in the requested pack's configuration, was set to any value other than darwin, linux, windows, or all.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.10.1/docs/README.md

Binary Checksum

SHA256

674106ae4971be40c83d14244ef7e420317c895936fddc1990e8395d50e9a1d3  fleet.zip
8dda58549dc887237bc5c0a7ca6fdf9834cc56d8a140c925c442df83b4c0b16a  fleetctl.exe.zip
6cf1672332e7ae60a406a70c35a9806e2007a511c03b2f82cbfc77c1feb1cdfe  fleetctl-macos.tar.gz
179e8c99831441cf5f27031f9457c9d0d36e1b55bfebc0e0347b4e89721cd7ce  fleetctl-windows.tar.gz
4300ea09aeb122fef837e1957b92d3491e6637bf5fbddebfa8e7c558f044a427  fleetctl-linux.tar.gz

Note

3.10.1 unintentionally included image assets that are unused in the Fleet application, resulting in larger-than-normal binaries.

3.10.0

Changes

• Add fleetctl agent auto-updates beta which introduces the ability to self-manage an agent update server. Available for Fleet Premium customers.

• Add option for Identity Provider-Initiated (IdP-initiated) Single Sign-On (SSO).

• Improve logging. All errors are logged regardless of log level, some non-errors are logged regardless of log level (agent enrollments, runs of live queries etc.), and all other non-errors are logged on debug level.

• Improve login resilience by adding rate-limiting to login and password reset attempts and preventing user enumeration.

• Add Fleet version and Go version in the My Account page of the Fleet UI.

• Improvements to fleetctl preview that ensure the latest version of Fleet is fired up on every run. In addition, the Fleet UI is now accessible without having to click through browser security warning messages.

• Prefer storing IPv4 addresses for host details.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.10.0/docs/README.md

Binary Checksum

SHA256

a71e6c6b30adde4464efb6484290575dad5a29ba09cf069581c7ec33778360eb  fleet.zip
3acf9b7fbccf119842df5d2671cd3d9d1bac977a75f41f4ab5a60161deb7303b  fleetctl.exe.zip
df676cb2a916b39c3ab009fcddae87117a319a5fce12c58b7112e5647cf9026d  fleetctl-macos.tar.gz
153024a1e00dd9b99a24ad9f2f93dd1794900ba7a9f23125fe5a2f369ec7c69f  fleetctl-windows.tar.gz
e26d4ddae2107c10b3870ef38666fad071cbc58735c944a553a136b93564af1d  fleetctl-linux.tar.gz

3.9.0

Changes

• Add configurable host identifier to help with duplicate host enrollment scenarios. By default, Fleet's behavior does not change (it uses the identifier configured in osquery's --host_identifier flag), but for users with overlapping host UUIDs changing --osquery_host_identifier to instance may be helpful.

• Make cool-down period for host enrollment configurable to control load on the database in scenarios in which hosts are using the same identifier. By default, the cooldown is off, reverting to the behavior of Fleet <=3.4.0. The cooldown can be enabled with --osquery_enroll_cooldown.

• Refresh the Fleet UI with a new layout and horizontal navigation bar.

• Trim down the size of Fleet binaries.

• Improve handling of config_refresh values from osquery clients.

• Fix an issue with IP addresses and host additional info dropping.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.9.0/docs/README.md

Binary Checksum

SHA256

55261bd63612b21e14e8bcefbd95bd1a5453549c3080924845319e22cddf2bb7  fleet.zip
b71492d064e9baf01624a2a54d56bbf6cde73a6820734035e69aa6e68cd44382  fleetctl.exe.zip
9708469b67bcb2cbc739a96098a646c9183b0e79f1d15ea30ee31a22a3c74b0c  fleetctl-macos.tar.gz
eaf99180eb504cba8d4625ddc572faa14ec27730aee8a9de8a8028502cb11238  fleetctl-windows.tar.gz
4ffd6f942f0d94cca15a56f4d543563553229d2d1f872d216cb1a4487a306aa5  fleetctl-linux.tar.gz

3.8.0

Changes

• Add search, sort, and column selection in the hosts dashboard.

• Add AWS Lambda logging plugin.

• Improve messaging about number of hosts responding to live query.

• Update host listing API endpoints to support search.

• Fixes to the fleetctl preview experience.

• Fix denylist parameter in scheduled queries.

• Fix an issue with errors table rendering on live query page.

• Deprecate KOLIDE_ environment variable prefixes in favor of FLEET_ prefixes. Deprecated prefixes continue to work and the Fleet server will log warnings if the deprecated variable names are used.

• Deprecate /api/v1/kolide routes in favor of /api/v1/fleet. Deprecated routes continue to work and the Fleet server will log warnings if the deprecated routes are used.

• Add Javascript source maps for development.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.8.0/docs/README.md

Binary Checksum

SHA256

e93f7efb13387f6fa538d253a088d719af7895a4002ca146b22bd7ca007703a9  fleet.zip
6f352ab40d37b672990f42ea1704aedcefdb048f262e410428dc54b50e7df109  fleetctl.exe.zip
2ac4c0e9fbdac3f8ec4fa586157ab87cd4fd3767bd3cc9534a2733e472232908  fleetctl-macos.tar.gz
79c503cc3e1baf46a359d91f79c815d382ca3f8fc25f7cbc1d35655d3e131de3  fleetctl-windows.tar.gz
0900d5e9d09e19811cfba40f8cb7fc9bd42d8e2917a20e1145bacfb3f4e08648  fleetctl-linux.tar.gz

3.7.4

Changes

This is a fleetctl only release with fixes to the fleetctl preview experience. Existing Fleet users need not upgrade to fleetctl 3.7.4.

Binary Checksum

SHA256

ba9032b18676ec853dc3324fbf6d2f371b1dcbe5b6697b0e6117f9035a7c58cd  fleetctl.exe.zip
6d512d09dce738b0d6de157b75c7379ed43ac2b9301a6e193453d4580c1b2336  fleetctl-macos.tar.gz
6a542901d6b0100fbbacac99eba826eb3c9b7c0c1a048df2c3e0b19e14e22e1c  fleetctl-windows.tar.gz
9ab1c9aefba6c918612dd9a32f959cd729a721d00ada40105a0bafe87ae3cb35  fleetctl-linux.tar.gz

3.7.1

Read the blog post: https://medium.com/fleetdm/fleet-3-7-1-d4c83f6875ac

Changes

• Change the default --server_tls_compatibility to intermediate. The new settings caused TLS connectivity issues for users in some environments. This new default is a more appropriate balance of security and compatibility, as recommended by Mozilla.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.7.1/docs/README.md

Binary Checksum

SHA256

f23dc4436969abd1053657c8894ec172de046e88e5cf1fd3597f7a3dba80046e  fleet.zip
9cac01f32141275928506d5c1d72bb443f6cbf8c346a233b7bb082779ddae1db  fleetctl.exe.zip
2df72ca82b0fefac56739fa11b8879a45af7189757f32d72ebc122c1b49fcb2a  fleetctl-macos.tar.gz
1c3094ac86dd58f7b0a91c1ef4afcd1aadd9f642fb694322fb2277f859a662e5  fleetctl-windows.tar.gz
d0fdac75fdf1908c1558f4e91433dd30aa8897708fb5194c5d880bdd7961a0ed  fleetctl-linux.tar.gz

3.7.0

Changes

This is a security release.

• Security: Fixed a vulnerability in which a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in denial of service. See GHSA-xwh8-9p3f-3x45 and the linked content within that advisory.

• Add new Host details page which includes a rich view of a specific host’s attributes.

• Reveal live query errors in the Fleet UI and fleetctl to help target and diagnose hosts that fail.

• Add Helm chart to make it easier for users to deploy to Kubernetes.

• Add support for denylist parameter in scheduled queries.

• Add debug flag to fleetctl that enables logging of HTTP requests and responses to stderr.

• Improvements to the fleetctl preview experience that include adding containerized osquery agents, displaying login information, creating a default directory, and checking for Docker daemon status.

• Add improved error handling in host enrollment to make debugging issues with the enrollment process easier.

• Upgrade TLS compatibility settings to match Mozilla.

• Add comments in generated flagfile to add clarity to different features being configured.

• Fix a bug in Fleet UI that allowed user to edit a scheduled query after it had been deleted from a pack.

Upgrading

Please visit our update guide for upgrade instructions.

Documentation

Documentation for this release can be found at https://github.com/fleetdm/fleet/blob/3.7.0/docs/README.md

Binary Checksum

SHA256

58fd16818e6062fda819fab0aa5629a6292fc48f50427172d1aac08a46272a30  fleet.zip
84cebe3a7837e77ec5f9384f8a4bed9e14e86ee0adc5f54f522c8ca148a8a3c9  fleetctl.exe.zip
cd72f9089b3c28122483de6edcd958d57748ee1592037ceb296ffea9ef9fd64e  fleetctl-macos.tar.gz
ba29a3555336e728e268efbe30b08f5be9046ef2e7f38d47469299ab3728f7f9  fleetctl-windows.tar.gz
7535bf71359e02703720acb7a3e9d2fb2bbb74690408e2348bf631ebeafed774  fleetctl-linux.tar.gz